The Cybersecurity Canon: Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don’t Even Know You Encounter Every Day

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.

Executive Summary

As our lives are more and more online, we need to be very aware of the Spies Among Us. In his book by that name, Ira Winkler shares the techniques spies use to get to you, your company and your sensitive information, and how to defeat them. The first part introduces the way spies think, their targets, who they are and how they operate. In the second section, Ira tells stories of his experiences. This is where he shines as one of the best in the cybersecurity industry. He describes, in detail, six cases of successful espionage. He explains how the vulnerabilities were exploited so the reader understands countermeasures and how to prevent, or at least detect, when it happens to you.

As you read, or hear, Ira tell the stories, you may swear it is your own company being attacked. They feel that real. In the final section, Ira continues to build on implementing countermeasures to reduce the effects of spies among us. These are steps every person and organization must take in our connected world. Even though this book was written in 2005, these are timeless concepts that are still true today. Some of the technologies are dated, like phone modems, and the book could use updating to include more modern technologies, such as cloud and IoT. However, this is a book cybersecurity professionals should read as a reminder of the timeless, simple security concepts and to hear Ira’s wonderful stories of the Spies Among Us.

Review

Introduction

As our lives are more and more online, we need to be very aware of the Spies Among Us. In his book by that name, Ira Winkler shares the techniques spies use to get to you, your company and your sensitive information, and how to defeat them. The subtitle, How to Stop the Spies, Terrorists, Hackers, and Criminals You Don’t Even Know You Encounter Every Day, describes what this book is about. It’s a book for anyone wanting to learn the methods malicious actors use to hide in plain sight in order to disrupt your life. Ira splits the book into three parts: Espionage Concepts, Case Studies and Stopping the Spies. This structure helps the reader understand tools and techniques used by spies, how they exploit common vulnerabilities, and how to reduce their effectiveness. Even though this book was written in 2005, these are timeless concepts that are still true today.

Ira uses the “spy” throughout the book as a loose term to describe anyone who wants to breach your company, computers, systems, or data. He includes terrorists (although it’s not a book about terrorism), hackers, criminals and other malicious entities who perform acts to harm you. Time and time again, we see that the methods they use are surprisingly basic and that these incidents could have been prevented with even more basic countermeasures. These are fundamental concepts many have yet to learn. Even those experienced in cybersecurity need the reminder that “more than 99% of successful attacks are preventable.”

Part I: Espionage Concepts

In the first section of Spies Among Us, Ira introduces the way spies think, their targets, who they are and how they get you. In it, you learn their operational methods and literally how to be a spy. This isn’t to expand the criminal element, but to help the reader understand that performing the act isn’t very difficult – not getting caught is.

Today’s cybersecurity professionals need to have experience as intelligence analysts. Chapter 1 explains who, what, why and how that happens. Ira expands on the types of spies, the intelligence process and forms of information, weaving in stories that bring the examples home.

Chapter 2 introduces an elementary risk equation and risk assessment process. In 2005, security was still in its infancy, and professionals were starting with the qualitative risk analysis method Ira describes in his book. This is another area of the book that shows its age. While this provides a good background, it should be supplemented by more quantitative measures available today.

Chapters 3, 4 and 5 dive into who the spies are, the techniques they employ, and how they are causing a death by 1,000 cuts. Ira makes the point that it’s indifference to risks, threats and vulnerabilities by organizations and individuals that cause many breaches. This is as true today as it was in 2005. He explains the types of assets and their value in order to best determine the impact of a breach. Chapter 4 describes threat actors, including countries today that are still being charged with hacking – like Russia and China. The last chapter of this section divides vulnerabilities into four main categories: operational, physical, personnel and technical; all of which need to be considered by security professionals. You ignore any at your own risk.

Many of the concepts in these chapters are basic, but that is what was needed back when the book was written. Today, they provide a good reminder as well as a history of security in the 2000s. Ira would do well to update these in a new edition to better meet today’s security challenges seen in cloud services, the Internet of Things, and ubiquitous computing.

Part II: Case Studies

Ira Winkler is a popular speaker at cybersecurity conferences worldwide and there’s a reason for it: He’s a consummate story teller. In Part 2 of Spies Among Us, Ira delivers six case studies based on his experiences as a security tester. These are real-life stories of successful espionage leveraging the spy techniques from section one. Ira explains how the vulnerabilities were exploited so the reader understands ways to prevent, or at least detect, when it happens to them. As you read these stories, or hear Ira tell them, you may swear it is your own company that was attacked. They feel that real.

Each case study demonstrates the systematic, repeatable process used by spies to exploit expected vulnerabilities. These are employed by Ira as a security tester who simulates real-life espionage attempts against corporations. He walks you through the steps he took to gain access to internal facilities, systems and data, time and time again. The level of detail he goes into makes it sound easy, but it’s not. He covers many technical and social engineering techniques that still work a dozen years later. Ira ends each chapter with an in-depth discussion of the vulnerabilities exploited and ways to prevent it. This is of immense value as a learning tool.

Part III: Stopping the Spies

The last section of the book provides depth on ways to stop the spies from successfully infiltrating your organization and your life. Chapter 12 contains simple, low-cost countermeasures that should be in every organization, but sadly, still are not. As the reader considers each of the countermeasures, Ira asks them to consider questions to assure it is fully utilized to the organization’s benefit. Asking the right questions, like these, helps balance the risk-benefit equation.

Chapter 12 also contains “Ira’s Four Golden Rules”: Install and maintain (1) Anti-virus; (2) Firewall; (3) Anti-spyware; and (4) Backup/recovery system. While these are still in use today, our technology and the processes used by spies to break it are much more advanced. This is another section in need of updating to best meet today’s challenges.

One critical point in Chapter 12 that shouldn’t be missed is, “It’s How You Say It, Not What You Say.” Again this is where Ira excels. All awareness training must be made personal and apply to everyone hearing it. Otherwise, it’s just a compliance exercise. It must be ongoing and almost ubiquitous in day-to-day operations.

Ira concludes his book with a call to action. The amount of risk you accept should be a conscious choice, which requires actionable items to address each risk. He once again provides basic steps to begin developing a security program. Now that many organizations have one in place, this may be too elementary for seasoned security professionals. However, the ideas are a good reminder of security fundamentals that are often missed, and thus exploited, by the Spies Among Us.

Conclusion

Ira’s intent in writing Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don’t Even Know You Encounter Every Day is to provide readers with common knowledge so that they can exercise common sense when it comes to security and reducing the effects of the spies among us. He succeeds in doing so. Ira wonderfully uses stories to make his points on how vulnerable we are and how simple it can be to thwart the spies.

Spies Among Us is a book that should be read by all security professionals, especially the Part II Case Studies. Readers should look beyond the dated technologies mentioned in the book to the timeless philosophies and concepts explored by Ira. These are the ideas every security professional needs engrained in their being. In speaking with the author, he is in the process of updating Spies Among Us, which will only make this book more of a classic in security literature. Therefore, this book should be included in the Cybersecurity Canon Hall of Fame.

Ira Winkler continues to be a great influence in the cybersecurity community. His words are used by many to champion our cause for better security. I encourage readers to seek him out and learn from him as I have over the years, and I thank him for that.

Get updates from Palo Alto Networks!

Sign up to receive the latest news, cyber threat intelligence and research from us